bash 如何在 Linux 中禁用 90 天不活动的帐户?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/40188060/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How would I disable accounts that have been inactive for 90 days in Linux?
提问by Gabbo
Working on a script that disables accounts that have been inactive for 90 days. Couldn't really find an answer after researching my problem for a few days, but I did find this command on a forum:
处理禁用 90 天不活动帐户的脚本。在研究了我的问题几天后无法真正找到答案,但我确实在论坛上找到了这个命令:
lastlog -t 10000 > temp1; lastlog -t 90 > temp2; diff temp1 temp2; rm temp1; rm temp2
This command outputs the users that have been inactive for 90 days. I think the solution to my problem would be to:
此命令输出 90 天不活动的用户。我认为解决我的问题的方法是:
Filter the output of this command so only the usernames are displayed (in a list, with 1 username per line).
Take this output and write it to a text file.
Run a for-loop that for each line in the file, the contents of the line (which should be just a single username) are stored in a variable called "inactiveUser". Then the command usermod -L $inactiveUserwill be executed.
过滤此命令的输出,以便仅显示用户名(在列表中,每行 1 个用户名)。
获取此输出并将其写入文本文件。
运行一个 for 循环,对于文件中的每一行,该行的内容(应该只是一个用户名)存储在一个名为“inactiveUser”的变量中。然后将执行命令usermod -L $inactiveUser。
Would my proposed solution work? If so, how could it be achieved? Is there a much easier method to lock inactive accounts that I am not aware of?
我提出的解决方案会奏效吗?如果是这样,它是如何实现的?是否有更简单的方法来锁定我不知道的非活动帐户?
采纳答案by webb
you can simplify this with:
您可以通过以下方式简化此操作:
lastlog -b 90
which directly lists users who have not logged in in the past 90 days.
直接列出过去 90 天内未登录的用户。
however, it also has a header row, and lists lots of system users.
但是,它也有一个标题行,并列出了许多系统用户。
use tailto skip the header row:
用于tail跳过标题行:
lastlog -b 90 | tail -n+2
then you could use grepto filter out system users:
那么你可以grep用来过滤系统用户:
lastlog -b 90 | tail -n+2 | grep -v 'Never log'
although perhaps there is a safer way to find real, non-system users, e.g.:
尽管也许有一种更安全的方法可以找到真实的非系统用户,例如:
cd /home; find * -maxdepth 0 -type d
that issue aside, you can get just the usernames out with awk:
撇开这个问题不谈,您可以使用以下命令获取用户名awk:
lastlog -b 90 | tail -n+2 | grep -v 'Never log' | awk '{print }'
then either output the list to a file, or else directly run usermodvia while readloop or xargs:
然后将列表输出到文件,或者直接usermod通过while read循环运行或xargs:
lastlog -b 90 | tail -n+2 | grep -v 'Never log' | awk '{print }' |
xargs -I{} usermod -L {}
perhaps you should also log what you've done:
也许您还应该记录您所做的事情:
lastlog -b 90 | tail -n+2 | grep -v 'Never log' | awk '{print }' |
tee -a ~/usermod-L.log | xargs -I{} usermod -L {}
回答by Chem-man17
While the other answer works, it can be made much cleaner by using awkinstead of tail | grep | awk
虽然其他答案有效,但可以通过使用awk而不是tail | grep | awk
lastlog -b 90 | awk '!/Never log/ {if (NR > 1) print }' | xargs -I{} usermod -L {}
The awkcommand checkes for lines that don't have the expression 'Never log' in it (!/Never log/).
该awk命令会检查其中没有“从不登录”表达式 ( !/Never log/) 的行。
NR > 1emulates tail -n +2.
NR > 1模仿tail -n +2。
print $1prints the first column.
print $1打印第一列。
